package com.mcp.mcpserver.service;

import java.util.Locale;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

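/**
 * Extra security layer applied to SQL text before it reaches the database.
 *
 * <p>This is a coarse denylist, not a parser: it rejects a query that contains a
 * data-definition or shutdown keyword as a whole word, a statement separator
 * ({@code ;}) or a comment opener ({@code --}, {@code /*}). Because it does not
 * understand SQL it cannot stand in for the primary controls (a read-only database
 * account and parameterized statements); it only narrows what a caller can send.
 * A keyword inside a quoted literal such as {@code 'drop'} is rejected as well —
 * that is deliberate, a false positive is preferred over a false negative here.
 *
 * @author zhangxin569
 * @date 2025/8/8
 */
public class QuerySanitizerService {
    /** Statement keywords that are never acceptable in a query handled by this service. */
    private static final Set<String> DANGEROUS_KEYWORDS = Set.of(
            "DROP", "DELETE", "TRUNCATE", "ALTER", "CREATE", "SHUTDOWN"
    );

    /**
     * Matches any dangerous keyword as a whole SQL word: it must not be glued to a
     * letter or underscore on either side, so identifiers such as {@code created_at},
     * {@code alternative} or {@code dropdown} do not trigger it. Any other adjacent
     * character (digit, punctuation, whitespace) still counts as a boundary, which
     * keeps the check on the conservative side. The keywords are plain letters, so
     * they need no regex quoting. Compiled once; {@link Pattern} is thread-safe.
     */
    private static final Pattern DANGEROUS_KEYWORD_PATTERN = Pattern.compile(
            "(?<![A-Z_])(" + String.join("|", DANGEROUS_KEYWORDS) + ")(?![A-Z_])"
    );

    /**
     * Rejects the query if it is blank or contains anything beyond a plain read.
     *
     * @param query raw SQL text supplied by the caller
     * @throws SecurityException if the query is {@code null} or blank, contains a
     *         dangerous keyword as a whole word, or contains {@code ;}, {@code --}
     *         or {@code /*}
     */
    public void validateQuery(String query) {
        // A whitespace-only string is not a query either; isEmpty() alone let it through.
        if (query == null || query.trim().isEmpty()) {
            throw new SecurityException("Query cannot be empty");
        }

        // Locale.ROOT keeps the upper-casing independent of the JVM default locale
        // (e.g. Turkish dotted/dotless-i rules), so the match is deterministic.
        String upperQuery = query.toUpperCase(Locale.ROOT);

        // Dangerous statement keywords, matched as whole words; report the first one found.
        Matcher keyword = DANGEROUS_KEYWORD_PATTERN.matcher(upperQuery);
        if (keyword.find()) {
            throw new SecurityException("Potentially dangerous operation detected: " + keyword.group(1));
        }

        // Statement separators and comment openers are the usual way to smuggle a second
        // statement past a keyword check, so they are refused outright.
        if (upperQuery.contains(";") ||
                upperQuery.contains("--") ||
                upperQuery.contains("/*")) {
            throw new SecurityException("Query contains suspicious characters");
        }
    }
}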
